\section{Legal Background and Motivation}\label{legal}
The emergence of computer software in society allows for a new range of disputes
and misconduct. In recent times, software innovations have been the originating
cause for disputes in Internet identity theft \cite{Valetk2004}, digital 
copyright infringement \cite{Manesh2006}, and death from malfunctioning 
safety-critical software \cite{Leveson1993}. This research is concerned with the
use of software in safety-critical systems. Because of the explosive growth of
software use in organizations today, safety risks are at issue. Any system is 
considered \textbf{safety-critical} if its ``\textit{failure may cause injury or
death to human beings}'' \cite{FOLDOC}.

\subsection{Tort Liability}
The term \textbf{tort} encompasses many disputes that involve wrongdoings, but 
can be expressed in general as ``\textit{an unwanted intrusion on a protected
personal right that causes physical, economic, or psychological injury}'' 
\cite{Burgunder2004}. Tort liability surfaces in two forms: negligence law and
strict products liability.

\subsubsection{Negligence Law}
A software developer builds products just as any other engineer does. In the
safety-critical realm, software developers are subject to the same negligence
laws that apply in all of engineering. Negligence law is concerned with behavior
that is socially unreasonable. When, then, is negligence law invoked?

\begin{quote}
``\textbf{Negligence liability} attaches when injury or loss is caused by a 
failure to satisfy a duty that was imposed by law, as a matter of public
policy.'' \cite{Kaner_neg_1995}
\end{quote}

Because duty is behavioral, negligence is only concerned with the
process\footnote{\textbf{Software processes} are discussed further in
Sections \ref{process} and \ref{sdp}.} involved in creating the product, not the
product itself. In general terms, an organization in the safety-critical realm
has a duty to take reasonable measures to ensure that its products are safe.
These measures are steps taken during the process of developing said product. 
According to negligence law, all that a party must do to avoid the possibility
of liability is to exercise ``due care''.

Software is especially concerned with negligence law because the set of
activities that a software developer engages in results in the product itself.
There are no parts that need to be machined or tools that need to be fabricated
in order to construct software. In general, software can be described as 
``\textit{a static description of a dynamic process}\footnote{This definition
was originally expressed by Clark S. Turner.}'' where a programmer is providing
the service (writing a static description) of making a computer function (a
dynamic process) as desired by a client. It can be argued that this service is
not sufficiently a tangible product\footnote{Section \ref{software_props}
provides evidence for this argument, which is made more formally in
\cite{Turner2000}.}, so it would seem that software engineers fall under the
jurisdiction of negligence law.

The idea of ``due care'' is ambiguous, but can be explicated. Cem Kaner adopts
the formula\footnote{This cost-benefit analysis was originally expressed by
Judge Learned Hand in the case of \textit{United States v. Carroll Towing Co.}
and formally described in \cite{Kaner_neg_1995}.} shown in Figure 
\ref{fig:negligence} to qualitatively evaluate how reasonable a company's
actions are. According to the Learned Hand test, an organization that develops 
safety-critical software, then, has a duty to spend the amount of time and
resources equivalent to the product of the severity of harm and the likelihood
that it will happen.

\begin{figure}
\begin{narrow}{-1.5in}{-1.5in}\begin{center}
\begin{tabular}{|l|}
\hline
	Let \textbf{B} be the burden (expense) of preventing a potential accident.\\
	Let \textbf{L} be the severity of the loss if the accident occurs.\\
	Let \textbf{P} be the probability of the accident.\\[6pt]
	Then \textit{failure to attempt to prevent a potential accident is 
	unreasonable if}\\[8pt]
	\multicolumn{1}{|c|}{\(B < P \times L\)}\\[3pt]
\hline
\end{tabular}
\end{center}\end{narrow}
\caption{Negligence cost-benefit analysis}
\label{fig:negligence}
\end{figure}

\subsubsection{Strict Liability}
Strict products liability focuses primarily on the condition of actual products
that are released to consumers, not the process used to develop them. If this
standard were to be applied to software, then a software vendor ``\textit{will be
liable for damages resulting from an unreasonably dangerous product, whether the
seller was negligent or not}'' \cite{Burgunder2004}. Yet the line remains
unclear as to when and how to extend the scope of strict liability in software 
since a developer can be held liable even if due care was used.

First and foremost, personal injury is necessary for the strict products
liability standard to be applied. When applied, defective products in question
are subject to either \textbf{manufacturing defect} consideration or
\textbf{design defect} consideration. The former applies when a product strays
from the intended design, but software itself \textit{is} a design for a
computer system to operate under. The latter pertains when the design of a
product is not adequately safe, even if the particular instance of product
complies with the manufacturer's intention \cite{Turner1999}. Once the nature of
the defect is identified, Calabresi suggests that a decision must be made as to

\begin{quote}
``\ldots which of parties to the accident is in the best position to make the
cost-benefit analysis between accident costs and accident avoidance costs and to
act on that decision once it is made'' \cite{Calabresi1972}
\end{quote}
\noindent the victim or the injurer? Instead of deciding whether or not preventative
measures are worthwhile, a jury must decide \textit{who} is more likely to 
discover this and act on it.

Finding the liable party is not as much of a problem in software as identifying
a defect. Software defects do exist, but calling them \textit{product defects} 
rather than \textit{process defects} is questionable. The application of strict
liability against software is still in debate\footnote{This debate is considered
in \cite{Turner2000}.}, but is not of concern in this paper.

\subsection{Why This Problem is Important}
Although the Learned Hand test shown in Figure \ref{fig:negligence} does provide
a method to evaluate the applicability of negligence, it still leaves much up to
interpretation for software developers. How much would it cost to take preventative
measures? What (if any) preventative efforts did an organization pursue to avoid
risk? What is the likelihood that an accident would occur in the first place? In
a perfect world with perfect foresight, this problem would be easy to solve. But
as it stands, quantifying the probability that an accident will occur and the
expense of its prevention in the safety-critical software domain is difficult.

This research aims to trace out an approach, one that software developers can
employ at minimal cost to an organization, that will help answer these
questions. A repository of traceable documentation comments will help
software developers write quality software with a conscious record of their
decisions, and will help defenders track the preventative measures taken by the
developers to satisfy the ``due care'' requirement when defending against a
negligence claim.
